As the article points out, the EU can't simply order the world to follow its laws, so that's problem #1.
That is not "the problem" and it's not a problem at all. The EU, as a whole, or any individual country, has a right to impose whatever regulations it wishes on internet collectors of personal information from individuals. Notice that the key phrase is "personal information". But, to be on the safe side, any website that receives a request from a user to "delete" his/her information, should go ahead and issue a "delete" which would encompass any and all countries where the website might be viewed/used.
Here's another problem...suppose you've made orders from Amazon.com. Now you want Amazon to delete all of your data. Do they also delete any record of your purchases? If so, wouldn't that make returns difficult if they never heard of you? Or suppose I purchase a gun. Would it be a problem to law enforcement if all evidence of the purchase is conveniently erased?
Yet, that's not what the EU or any country would have in mind when it comes to "personal information".
What you're talking about is a business transaction, for which a business needs to gather identifying and location information. That kind of transaction does NOT involve gathering people's browsing habits, or chatting habits, or video/image uploads, or video/image downloads, or recording of every place a person visits on the internet. That is what "privacy issues" are about.
Now, once a business transaction is completed and it's not one of those that can be tagged as "concerning" to law enforcement agencies, then, if a person requests to be taken off that website's "customer list", then the website should fulfill that request and delete the customer's data; at the least, the customer should be tagged as inactive with the purpose of eventual deletion.
When it comes to places such as Facebook and MySpace and Google or any other place whose business does depend upon the gathering of personal information about their customers/visitors, then, the EU idea is a lot more pertinent.
The EU idea is not about preventing followups on business transactions, and when a company does take orders via the internet, then the customer should be given the chance to opt-out of any future contacts not related to the customer's transactions; in other words, the company can be prevented from targeting a customer for advertising any of its products or services.
As someone who works with SQL, I'd like a few more details about how you think this is supposed to work.
I also work with SQL; in fact, I'm an expert with SQL. But, this matter from the EU is not a problem which needs to concern the requests to remove "personal and non-business related information". Get it?
Do you REALLY want to delete the requestor's personal record?
When it comes to identifying and location information related to a business transaction, then the business has a right to keep and maintain that data. But, the EU suggestion is not about "business related" transactions.
That's a problem as there are typically many records attached to this identification record. Not saying it's impossible, but I'd like to hear the details on the implementation.
When it comes to either business-related or personal-and-private gathering of information, the SQL implementation should not be a problem at all.
A record in a database which "identifies" a person should have a field for flagging whether a person has made a request for "deletion". Once the "deletion" is requested by the customer, that record is tagged as "I" (inactive), and no transactions or gathering of information should be allowed from that point on. The "I" remains on the record for a specified period of time, say, 3 months or a year or whatever is deemed adequate. Once the "I" period is up, the record is tagged as "D" and only an ID record should remain on the database and all other records related to the person should be "physically" deleted and not even stored "off-line". The ID record, with the "D" (delete) tag, should be kept as sort of a "no-call" list, which should be a warning to the website that collecting information for that user is prohibited. The user can make a request to change that status, and with that request, the "D" is changed to "A" for active. But, no data gathered in the past should be allowed to get back on-line for that user. In other words, it's a "fresh-start" for that user.
Back on the Facebook thing, what happens to conversations that you participated in...do each of your responses get deleted? Or any conversation you participated in?
Responses/posts don't need to be physically deleted. Once a user requests to be "deleted", then his/her posts and responses should be "blocked" from appearing on the site or in a thread or conversation. That should not be a problem for programming or for database design.
And what if someone refers to you by name in a conversation...do you expect Facebook to delete those references?
Now you're getting ridiculous.
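The "A" / "I" / "D" status lifecycle described in the post above, sketched with Python's sqlite3 as an added example that is not part of the original post. The table and column names, the helper functions and the 90-day retention value are assumptions chosen for illustration.

```python
import sqlite3
from datetime import timedelta

RETENTION = timedelta(days=90)  # assumed "I" period; the post suggests 3 months to a year

SCHEMA = """
CREATE TABLE person (id INTEGER PRIMARY KEY,
    status TEXT NOT NULL DEFAULT 'A' CHECK (status IN ('A','I','D')), status_since TEXT NOT NULL);
CREATE TABLE profile  (person_id INTEGER PRIMARY KEY REFERENCES person(id), name TEXT, email TEXT);
CREATE TABLE activity (id INTEGER PRIMARY KEY, person_id INTEGER NOT NULL REFERENCES person(id), detail TEXT);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def set_status(db, pid, old, new, now):
    """Guarded transition: only succeeds if the row is currently in state `old`."""
    cur = db.execute("UPDATE person SET status=?, status_since=? WHERE id=? AND status=?",
                     (new, now.isoformat(), pid, old))
    return cur.rowcount == 1

def record_activity(db, pid, detail):
    """Insert only while the person is active; 'I' and 'D' block all collection."""
    cur = db.execute("INSERT INTO activity (person_id, detail) "
                     "SELECT id, ? FROM person WHERE id=? AND status='A'", (detail, pid))
    return cur.rowcount == 1

def request_deletion(db, pid, now):
    return set_status(db, pid, 'A', 'I', now)

def purge_expired(db, now):
    """Move 'I' rows past retention to 'D' and physically delete their related rows."""
    cutoff = (now - RETENTION).isoformat()
    with db:  # one transaction: the purge is applied completely or not at all
        ids = [r[0] for r in db.execute(
            "SELECT id FROM person WHERE status='I' AND status_since <= ?", (cutoff,))]
        for pid in ids:
            db.execute("DELETE FROM activity WHERE person_id=?", (pid,))
            db.execute("DELETE FROM profile WHERE person_id=?", (pid,))
            set_status(db, pid, 'I', 'D', now)
    return ids

def reactivate(db, pid, now):
    """'D' -> 'A': a fresh start; nothing that was purged comes back."""
    return set_status(db, pid, 'D', 'A', now)
```

The bare `person` row left in state "D" is the suppression entry: `record_activity` keeps refusing inserts for that id until `reactivate` is called.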